Splunk Search

Discussions

Thread Info

How to replace all values for a field with "Other" that do not equal values A, B, or C?

I am working on a pie chart to identify the main categories of some data. Below are some possible values: Apple Peach...

by Explorer in

How to count the number of times IPs have hit a specific URL over consecutive days?

I'm trying to write a search/report that shows the number of times an IP address has hit a given URL over consecutive...

by Explorer in

How to troubleshoot why I'm not getting any data in the iSight Partners ThreatScape App?

Hi All, I installed the iSight Partners ThreatScape App, but data is unavailable in Splunk. What could be the poss...

by New Member in

How to replace values by its rank in a two dimensional chart?

As example I have a search: ... | chart avg(value) as Value by country, supplier this will result in a two dim...

by New Member in

Is it possible to diff file hashes to display if some of the hashes of /etc/ files have changed?

Hi, I have created a script input deployed on several servers which creates a lot of hashes from /etc folder and s...

by New Member in

Loop IP address from 10.0.1.0/24 to 10.10.1.0/24 - How to extract events that belong to this IP range?

I want to extract the events belongs to that IP range 10.0.1.0/24, 10.1.1.0/24, 10.2.1.0/24, upto 10.10.1.0/24 Is CID...

by Explorer in

Plotting events indexed

How can I plot events indexed over time?

by New Member in

Is there a search or btool command we can run from the deployment server to list all deployment client Splunk versions?

Per this root certificate issue expiring in July and https://answers.splunk.com/answers/395886/for-splunk-enterprise-...

by Engager in

How to configure props and transforms to automatically extract XML fields from my data so I don't have to use spath?

Hello all, I'm new to Splunk and I would love some help here. I have an xml file (well, partial xml as you will se...

by Explorer in

How to create a search to find the largest contributor to increasing values?

I have a log with statistics from mq containing some key values (time, MQmanager, Queuename) and some variables (numb...

by Contributor in

Is it possible to export a JSON file through a search result and send the file to a remote location outside Splunk?

I have a requirement to export a JSON file to a remote location. The file would be a feed to REST, which performs som...

by Explorer in

How to create a hierarchical chart with Splunk?

How to create hierarchical chart in Splunk? I have 4 panels in dashboard and I need to display these 4 panels in hier...

by Engager in

How to get Cisco IP SLA statistics into Splunk to create a timechart with an RTT value?

Hello I need to to get Cisco IP SLA statistics into Splunk. I would like to create a timechart with an RTT valu...

by New Member in

How to edit my regex to extract multiple values for a field?

Hello, There is one event. ex)Normal|2016-05-18 10:52:37|123|119.21.7.28|10460|tcp|52.1.2.157|68|allowed|72|12...

by Path Finder in

How to use multiple search results in another search to get my expected output?

Hi All, I have 2 search statements which are giving 2 different search results with same index and sourcetype. I w...

by Explorer in

Is it possible to extract results of an eval match as fields?

Is it possible to do something like this: ...|eval Classification=case(match(class,"Boy"),"Boy",match(class,"Girl"...

by Explorer in

How to edit my panel to show different colors for each bar in my chart?

Hi , I have the below code with multiples lines on the bar. I want to see different colors for each bar. I added [...

by Explorer in

How to use top in timechart

Hi All, I have a requirement to use TOP 4 in the timechart command: Below is my search: index=_internal |tim...

by Explorer in

How to Chart 3 non-numeric variables

Hi all, So I'm working with log files and I have some data that looks like this: Please excuse me not putting ...

by New Member in

Would index-time field extractions help improve search performance over search-time field extractions in our environment?

We have a use case where we receive data from 2 different sources. Please note some key characteristics: 1. Our data ...

by New Member in

How to extract these fields and compare the values?

Hi, I have 2 fields. Field1 is named field13 and Field2 is named logical_usage. Field1 contains "hard" : 109951...

by New Member in

How to extract this field from our sample data using rex?

Hi SPlunkers, I am newbee with REX. Can someone please assist us in extracting this field? We need to extract r...

by Path Finder in

How to add a new column in my chart with a new event count after using the dedup command?

I have a search like this: search| stats count by errortype which is quite simple and returns: errortype ...

by Path Finder in

How to create a new field from a dynamic interesting field?

Hi, I'm trying to do a dashbord with data from dynaTrace alerting (by SplunkAlert plugin). Goal of this report is ...

by New Member in

Hunk + Hive: where are summary searches stored on disk

In order to properly back up our Splunk instance, where are summary searches stored when using Hunk + Hive.

by SplunkTrust in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to replace all values for a field with "Other" that do not equal values A, B, or C?

How to count the number of times IPs have hit a specific URL over consecutive days?

How to troubleshoot why I'm not getting any data in the iSight Partners ThreatScape App?

How to replace values by its rank in a two dimensional chart?

Is it possible to diff file hashes to display if some of the hashes of /etc/ files have changed?

Loop IP address from 10.0.1.0/24 to 10.10.1.0/24 - How to extract events that belong to this IP range?

Plotting events indexed

Is there a search or btool command we can run from the deployment server to list all deployment client Splunk versions?

How to configure props and transforms to automatically extract XML fields from my data so I don't have to use spath?

How to create a search to find the largest contributor to increasing values?

Is it possible to export a JSON file through a search result and send the file to a remote location outside Splunk?

How to create a hierarchical chart with Splunk?

How to get Cisco IP SLA statistics into Splunk to create a timechart with an RTT value?

How to edit my regex to extract multiple values for a field?

How to use multiple search results in another search to get my expected output?

Is it possible to extract results of an eval match as fields?

How to edit my panel to show different colors for each bar in my chart?

How to use top in timechart

How to Chart 3 non-numeric variables

Would index-time field extractions help improve search performance over search-time field extractions in our environment?

How to extract these fields and compare the values?

How to extract this field from our sample data using rex?

How to add a new column in my chart with a new event count after using the dedup command?

How to create a new field from a dynamic interesting field?

Hunk + Hive: where are summary searches stored on disk

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!